From 42ccdf3069e5c0b83109f78dd7a571252392f3e0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= ppisar@redhat.com
Date: Mon, 11 Jan 2016 15:59:30 +0100
Subject: Fix CVE-2015-8607 (File::Spec::canonpath() loses tain) (bug #1297455)
---
 ...nsure-File-Spec-canonpath-preserves-taint.patch | 71 ++++++++++++++++++++++
 perl-PathTools.spec | 8 ++-
 2 files changed, 78 insertions(+), 1 deletion(-)
 create mode 100644 perl-5.23.6-ensure-File-Spec-canonpath-preserves-taint.patch
diff --git a/perl-5.23.6-ensure-File-Spec-canonpath-preserves-taint.patch b/perl-5.23.6-ensure-File-Spec-canonpath-preserves-taint.patch
new file mode 100644
index 0000000..da935ce
--- /dev/null
+++ b/perl-5.23.6-ensure-File-Spec-canonpath-preserves-taint.patch
@@ -0,0 +1,71 @@
+From 0b6f93036de171c12ba95d415e264d9cf7f4e1fd Mon Sep 17 00:00:00 2001
+From: Tony Cook tony@develop-help.com
+Date: Tue, 15 Dec 2015 10:56:54 +1100
+Subject: [PATCH] ensure File::Spec::canonpath() preserves taint
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Previously the unix specific XS implementation of canonpath() would
+return an untainted path when supplied a tainted path.
+
+For the empty string case, newSVpvs() already sets taint as needed on
+its result.
+
+This issue was assigned CVE-2015-8607. [perl #126862]
+
+Signed-off-by: Petr Písař ppisar@redhat.com
+---
+ dist/PathTools/Cwd.xs | 1 +
+ dist/PathTools/t/taint.t | 19 ++++++++++++++++++-
+ 2 files changed, 19 insertions(+), 1 deletion(-)
+
+diff --git a/dist/PathTools/Cwd.xs b/dist/PathTools/Cwd.xs
+index 9d4dcf0..3d018dc 100644
+--- a/dist/PathTools/Cwd.xs
++++ b/dist/PathTools/Cwd.xs
+@@ -535,6 +535,7 @@ THX_unix_canonpath(pTHX_ SV *path)
+ *o = 0;
+ SvPOK_on(retval);
+ SvCUR_set(retval, o - SvPVX(retval));
++ SvTAINT(retval);
+ return retval;
+ }
+
+diff --git a/dist/PathTools/t/taint.t b/dist/PathTools/t/taint.t
+index 309b3e5..48f8c5b 100644
+--- a/dist/PathTools/t/taint.t
++++ b/dist/PathTools/t/taint.t
+@@ -12,7 +12,7 @@ use Test::More;
+ BEGIN {
+ plan(
+ ${^TAINT}
+- ? (tests => 17)
++ ? (tests => 21)
+ : (skip_all => "A perl without taint support")
+ );
+ }
+@@ -34,3 +34,20 @@ foreach my $func (@Functions) {
+
+ # Previous versions of Cwd tainted $^O
+ is !tainted($^O), 1, "$^O should not be tainted";
++
++{
++ # [perl #126862] canonpath() loses taint
++ my $tainted = substr($ENV{PATH}, 0, 0);
++ # yes, getcwd()'s result should be tainted, and is tested above
++ # but be sure
++ ok tainted(File::Spec->canonpath($tainted . Cwd::getcwd)),
++ "canonpath() keeps taint on non-empty string";
++ ok tainted(File::Spec->canonpath($tainted)),
++ "canonpath() keeps taint on empty string";
++
++ (Cwd::getcwd() =~ /^(.*)/);
++ my $untainted = $1;
++ ok !tainted($untainted), "make sure our untainted value is untainted";
++ ok !tainted(File::Spec->canonpath($untainted)),
++ "canonpath() doesn't add taint to untainted string";
++}
+-- 
+2.5.0
+
diff --git a/perl-PathTools.spec b/perl-PathTools.spec
index 295f2c2..8eaccba 100644
--- a/perl-PathTools.spec
+++ b/perl-PathTools.spec
@@ -1,7 +1,7 @@
 %global cpan_version 3.47
 Name: perl-PathTools
 Version: %(echo '%{cpan_version}' | tr _ .)
-Release: 311%{?dist}
+Release: 312%{?dist}
 Summary: PathTools Perl module (Cwd, File::Spec)
 License: (GPL+ or Artistic) and BSD
 Group: Development/Libraries
@@ -9,6 +9,8 @@ URL: http://search.cpan.org/dist/PathTools/
 Source0: http://www.cpan.org/authors/id/S/SM/SMUELLER/PathTools-%%7Bcpan_version%7D.t...
 # Disable VMS test (bug #973713)
 Patch0: PathTools-3.47-Disable-VMS-tests.patch
+# Fix CVE-2015-8607 (File::Spec::canonpath() loses tain), bug #1297455
+Patch1: perl-5.23.6-ensure-File-Spec-canonpath-preserves-taint.patch
 BuildRequires: perl
 BuildRequires: perl(ExtUtils::MakeMaker)
 # Run-time:
@@ -37,6 +39,7 @@ This is the combined distribution for the File::Spec and Cwd modules.
 %prep
 %setup -q -n PathTools-%{cpan_version}
 %patch0 -p1
+%patch1 -p3
 # Remove bundled modules
 rm -r t/lib
 sed -i -e '/^t/lib//d' MANIFEST
@@ -65,6 +68,9 @@ make test
 %{_mandir}/man3/*
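Review bot: The added `SvTAINT(retval);` in `THX_unix_canonpath` carries no comment saying why a manual taint step is needed, and the reason is not obvious from the lines around it. The context lines show `retval` being finished by hand (`*o = 0;`, `SvPOK_on`, `SvCUR_set`), so nothing copies taint from `path` unless it is done explicitly; a one-line comment such as `/* retval is filled by hand above, so taint from path must be propagated explicitly (CVE-2015-8607) */` would keep a later cleanup from dropping the call. `SvTAINT` marks the value according to the interpreter's current taint state rather than by testing `path` itself, so the fix presumably relies on `path` having been read earlier in the function, which starts outside the hunk. The added "doesn't add taint to untainted string" test is what guards against the opposite error, so it should stay alongside the two positive cases.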
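Review bot: The comment added above `Patch1:` reads "loses tain", and the changelog entry in the last hunk repeats the truncated word and is stamped `3.37-312`, although `%global cpan_version 3.47` and `Release: 312` make this build 3.47-312. Suggested lines are `# Fix CVE-2015-8607 (File::Spec::canonpath() loses taint), bug #1297455` for the spec comment and `* Mon Jan 11 2016 Petr Pisar ppisar@redhat.com - 3.47-312` for the changelog header. The changelog is what `rpm -q --changelog` reports, so anyone checking whether an installed build carries the CVE-2015-8607 fix will be matching against that version string.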
 %changelog
+* Mon Jan 11 2016 Petr Pisar ppisar@redhat.com - 3.37-312
+- Fix CVE-2015-8607 (File::Spec::canonpath() loses tain) (bug #1297455)
+
 * Tue Jan 13 2015 Petr Pisar ppisar@redhat.com - 3.47-311
 - Require constant module